# Affine Pairings on ARM

@inproceedings{Acar2012AffinePO, title={Affine Pairings on ARM}, author={Tolga Acar and Kristin E. Lauter and Michael Naehrig and Daniel Shumow}, booktitle={Pairing}, year={2012} }

We report on relative performance numbers for affine and projective pairings on a dual-core Cortex A9 ARM processor. Using a fast inversion in the base field and doing inversion in extension fields by using the norm map to reduce to inversions in smaller fields, we find a very low ratio of inversion-to-multiplication costs. In our implementation, this favors using affine coordinates, even for the current 128-bit minimum security level specified by NIST. We use Barreto-Naehrig (BN) curves and…

## 27 Citations

Efficient Implementation of Bilinear Pairings on ARM Processors

- Computer Science, MathematicsSelected Areas in Cryptography
- 2012

This paper investigates the efficient computation of the Optimal-Ate pairing over Barreto-Naehrig curves in software at different security levels on ARM processors, exploiting state-of-the-art techniques and proposing new optimizations to speed up the computation in the tower field and curve arithmetic.

Efficient Pairings on Various Platforms

- Computer Science, Mathematics
- 2012

This thesis gives an introduction to pairing-based cryptography and describes the Tate pairing, and extends the idea of lazy reduction to field inversion, optimize curve arithmetic, and construct efficient tower extensions to optimize field arithmetic.

Implementing Cryptographic Pairings on ARM dual-core Processors

- Computer ScienceIEEE Latin America Transactions
- 2020

This paper explores the parallelization capabilities of the ARM processing system embedded in a Zynq device for a software implementation of the optimal Ate pairing by organizing operations of line evaluation and point arithmetic formulas to have little data dependency and scheduling independent operations to be perfomed simultaneously in separate cores of an ARM dual-core Cortex-A9 processor.

Implementing Cryptographic Pairings on ARM dual-core Processors

- Computer ScienceIEEE Latin America Transactions
- 2019

This paper explores the parallelization capabilities of the ARM processing system embedded in a Zynq device for a software implementation of the optimal Ate pairing by organizing operations of line evaluation and point arithmetic formulas to have little data dependency and scheduling independent operations to be perfomed simultaneously in separate cores of an ARM dual-core Cortex-A9 processor.

Fast Software Implementations of Bilinear Pairings

- Computer Science, MathematicsIEEE Transactions on Dependable and Secure Computing
- 2017

This paper investigates the efficient computation of the Optimal-Ate pairing over special class of pairing friendly Barreto-Naehrig curves in software at different security levels and significantly improves the state-of-the-art of pairing computation on ARM-powered devices and x86-64 PC platforms.

Fast Quadrupling of a Point in Elliptic Curve Cryptography

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2011

This paper extends their method and presents a fast algorithm for computing 4P with only one inversion in affine coordinates, faster than two repeated doublings whenever the cost of one field inversion is more expensive than thecost of four field multiplications plus three field squarings.

Improved Precomputation Scheme for Scalar Multiplication on Elliptic Curves

- Computer Science, MathematicsIMACC
- 2011

A new scheme to precompute all odd multiples on standard elliptic curves in affine coordinates and shows that the scheme requiring only 2(k −1) registers, offers the best performance in the case of k ≥8 if the I/M-ratio is around 10.

Choosing and generating parameters for pairing implementation on BN curves

- Computer Science, MathematicsApplicable Algebra in Engineering, Communication and Computing
- 2017

The main purpose of this paper is to describe explicitly and exhaustively what should be done to generate the best possible parameters and to make the best choices depending on the implementation context.

Hardware processors for pairing-based cryptography

- Computer Science, Mathematics
- 2016

Bilinear pairings can be used to construct cryptographic systems with very desirable properties. A pairing performs a mapping on members of groups on elliptic and genus 2 hyperelliptic curves to an…

The Realm of the Pairings

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2013

This paper reviews the evolution of pairing-based cryptosystems, the development of efficient algorithms and the state of the art in pairing computation, and the challenges yet to be addressed on the subject, while also presenting some new algorithmic and implementation refinements in affine and projective coordinates.

## References

SHOWING 1-10 OF 35 REFERENCES

An Analysis of Affine Coordinates for Pairing Computation

- MathematicsPairing
- 2010

In this paper, it is observed that in many practical settings, e.

Faster Explicit Formulas for Computing Pairings over Ordinary Curves

- Mathematics, Computer ScienceEUROCRYPT
- 2010

Efficient formulas for computing pairings on ordinary elliptic curves over prime fields are described, improving on the state-of-the-art performance of cryptographic pairings by 28%-34% on several popular 64-bit computing platforms.

New Software Speed Records for Cryptographic Pairings

- Computer Science, MathematicsLATINCRYPT
- 2010

An implementation which computes the optimal ate pairing on a 257- bit Barreto-Naehrig curve in only 4,470,408 cycles on one core of an Intel Core 2 Quad Q6600 processor is presented.

High-Speed Software Implementation of the Optimal Ate Pairing over Barreto-Naehrig Curves

- Computer Science, MathematicsPairing
- 2010

The design of a fast software library for the computation of the optimal ate pairing on a Barreto-Naehrig elliptic curve is described, able to compute the optimal eating pairing over a 254-bit prime field Fp, in just 2.33 million of clock cycles.

Trading Inversions for Multiplications in Elliptic Curve Cryptography

- Computer Science, MathematicsDes. Codes Cryptogr.
- 2006

A variant which is faster whenever a field inversion is more expensive than six field multiplications is proposed, an improvement when tripling a point, and a ternary/binary method to perform efficient scalar multiplication are presented.

On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves

- Mathematics, Computer SciencePairing
- 2008

This work exploits the structure of pairing-friendly elliptic curves to reduce to a minimum the computation required for the final exponentiation of the Tate pairing.

A family of implementation-friendly BN elliptic curves

- Mathematics, Computer ScienceJ. Syst. Softw.
- 2011

Efficient and Generalized Pairing Computation on Abelian Varieties

- Mathematics, Computer ScienceIEEE Transactions on Information Theory
- 2009

Using the R-ate pairing, the loop length in Miller's algorithm can be as small as log (r1/phi(k)) some pairing-friendly elliptic curves which have not reached this lower bound.

The Eta Pairing Revisited

- Mathematics, Computer ScienceIEEE Transactions on Information Theory
- 2006

By swapping the arguments of the Eta pairing, one obtains a very efficient algorithm resulting in a speed-up of a factor of around six over the usual Tate pairing, in the case of curves that have large security parameters, complex multiplication by an order of Qopf (radic-3), and when the trace of Frobenius is chosen to be suitably small.

Faster Pairing Computations on Curves with High-Degree Twists

- Mathematics, Computer SciencePublic Key Cryptography
- 2010

Eﬃcient formulas for curves with twists of degree 2, 3, 4 or 6 are presented and it is shown how these faster formulas can be applied to Tate and ate pairing variants, thereby speeding up all practical suggestions for eﬁelds of large characteristic.